patch 9.0.1440: "rvim" can execute a shell through :diffpatch
Problem: "rvim" can execute a shell through :diffpatch.
Solution: Disallow the shell "patch" command.
diff --git a/src/diff.c b/src/diff.c
index a46f0bf..1873767 100644
--- a/src/diff.c
+++ b/src/diff.c
@@ -1310,6 +1310,9 @@
else
#endif
{
+ if (check_restricted())
+ goto theend;
+
// Build the patch command and execute it. Ignore errors. Switch to
// cooked mode to allow the user to respond to prompts.
vim_snprintf((char *)buf, buflen, "patch -o %s %s < %s",
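Review bot: The new `check_restricted()` guard sits only in the `else` branch, so it covers the shell "patch" invocation but not the alternative branch that ends at `#endif` just above, which lies outside this hunk; it is worth confirming that path cannot reach a shell in restricted mode either. The guard also carries no comment, so I would add `// Running the external "patch" program is not allowed in restricted mode.` above the `if`. Because the check jumps to `theend` after earlier setup in the enclosing function (which starts and ends outside the hunk), confirm that the label cleans up whatever was created before this point. The accompanying change to src/testdir/test_diffmode.vim is rendered as "Binary files differ", so the regression test for this guard cannot be reviewed from this page.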
@@ -1380,7 +1383,8 @@
// Do filetype detection with the new name.
if (au_has_group((char_u *)"filetypedetect"))
- do_cmdline_cmd((char_u *)":doau filetypedetect BufRead");
+ do_cmdline_cmd(
+ (char_u *)":doau filetypedetect BufRead");
}
}
}
diff --git a/src/testdir/test_diffmode.vim b/src/testdir/test_diffmode.vim
index d60de50..cb042e1 100644
--- a/src/testdir/test_diffmode.vim
+++ b/src/testdir/test_diffmode.vim
Binary files differ
diff --git a/src/version.c b/src/version.c
index 5cace2e3..853ea5f 100644
--- a/src/version.c
+++ b/src/version.c
@@ -696,6 +696,8 @@
static int included_patches[] =
{ /* Add new patch number below this line */
/**/
+ 1440,
+/**/
1439,
/**/
1438,